Google has not addressed Chrome bugs that activate microphones

Vulnerabilities in Chrome exist that could allow for a computer microphone to be turned on just by passing through a malicious website – but Google has not done anything about it in the four months since Tal Ater, a web developer, reported on it.

In September 2013, Ater discovered the bugs while working on annyang, a program that allows visitors to navigate websites using voice commands. Ater reported his findings to Google and, in less than a week, the internet company identified the issue and wrote a fix.

But that fix was never applied.

Google is currently awaiting a response from its Standards group on the best course of action to take, according to Ater, who released the source code for the exploits and explained the issue works using hidden pop-under windows.

Get SC Media delivered to your inbox

Whitepaper of the Day

Newswire

Buzz

I would like to receive relevant information via email from Haymarket Media.

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.